Commit graph

42 commits

Author SHA1 Message Date
Lennart Poettering 5d594d012d socket-util: add wrappers for binding socket to ifindex/ifname
socket_bind_to_ifindex() uses the the SO_BINDTOIFINDEX sockopt of kernel
5.0, with a fallback to SO_BINDTODEVICE on older kernels.

socket_bind_to_ifname() is a trivial wrapper around SO_BINDTODEVICE, the
only benefit of using it instead of SO_BINDTODEVICE directly is that it
determines the size of the interface name properly so that it also works
for unbinding. Moreover, it's an attempt to unify our invocations of the
sockopt with a size of strlen(ifname) rather than strlen(ifname)+1...
2019-03-18 12:02:32 +01:00
Yu Watanabe ef118d00eb util: drop missing.h from socket-util.h 2018-12-06 13:31:16 +01:00
Zbigniew Jędrzejewski-Szmek 15dca3711d basic/socket-util: use c-escaping to print unprintable socket paths
We are pretty careful to reject abstract sockets that are too long to fit in
the address structure as a NUL-terminated string. And since we parse sockets as
strings, it is not possible to embed a NUL in the the address either.  But we
might receive an external socket (abstract or not), and we want to be able to
print its address in all cases. We would call socket_address_verify() and
refuse to print various sockets that the kernel considers legit.

Let's do the strict verification only in case of socket addresses we parse and
open ourselves, and do less strict verification when printing addresses of
existing sockets, and use c-escaping to print embedded NULs and such.

More tests are added.

This should make LGTM happier because on FIXME comment is removed.
2018-11-30 21:58:47 +01:00
Lennart Poettering 2ff48e981e tree-wide: introduce setsockopt_int() helper and make use of it everywhere
As suggested by @heftig:

6d5e65f645 (commitcomment-30938667)
2018-10-18 19:50:29 +02:00
Lennart Poettering 69995bffb7 socket-util: include trailing NUL byte in SOCKADDR_UN_LEN() count for fs sockets
This is what unix(7) recommends, hence do so.
2018-10-15 19:40:51 +02:00
Lennart Poettering 5cf91ea9c8 socket-util: add sockaddr_un_set_path() helper
Properly initializing sun_path from foreign data is not easy, given the
size constraints, and NUL confusion. Let's add a helper function for
this.
2018-10-15 19:35:00 +02:00
Lennart Poettering 9f20fc28f0 socket-util: add new sockaddr_un_unlink() helper
The helper is supposed to properly handle cases where .sun_path does not
contain a NUL byte, and thus copies out the path suffix a NUL as
necessary.

This also reworks the more specific socket_address_unlink() to be a
wrapper around the more generic sockaddr_un_unlink()
2018-10-15 19:35:00 +02:00
Filipe Brandenburger d34673ecb8 socket-util: Introduce send_one_fd_iov() and receive_one_fd_iov()
These take a struct iovec to send data together with the passed FD.

The receive function returns the FD through an output argument. In case data is
received, but no FD is passed, the receive function will set the output
argument to -1 explicitly.

Update code in dynamic-user to use the new helpers.
2018-08-02 09:25:04 -07:00
Lennart Poettering 0c69794138 tree-wide: remove Lennart's copyright lines
These lines are generally out-of-date, incomplete and unnecessary. With
SPDX and git repository much more accurate and fine grained information
about licensing and authorship is available, hence let's drop the
per-file copyright notice. Of course, removing copyright lines of others
is problematic, hence this commit only removes my own lines and leaves
all others untouched. It might be nicer if sooner or later those could
go away too, making git the only and accurate source of authorship
information.
2018-06-14 10:20:20 +02:00
Lennart Poettering 818bf54632 tree-wide: drop 'This file is part of systemd' blurb
This part of the copyright blurb stems from the GPL use recommendations:

https://www.gnu.org/licenses/gpl-howto.en.html

The concept appears to originate in times where version control was per
file, instead of per tree, and was a way to glue the files together.
Ultimately, we nowadays don't live in that world anymore, and this
information is entirely useless anyway, as people are very welcome to
copy these files into any projects they like, and they shouldn't have to
change bits that are part of our copyright header for that.

hence, let's just get rid of this old cruft, and shorten our codebase a
bit.
2018-06-14 10:20:20 +02:00
Yu Watanabe b54e98ef8e socket-util: rename parse_socket_address_bind_ipv6_only_or_bool() to socket_address_bind_ipv6_only_or_bool_from_string()
Hence, we can define config_parse_socket_bind() by using
DEFINE_CONFIG_PARSE_ENUM() macro.
2018-05-31 11:09:41 +09:00
Zbigniew Jędrzejewski-Szmek 11a1589223 tree-wide: drop license boilerplate
Files which are installed as-is (any .service and other unit files, .conf
files, .policy files, etc), are left as is. My assumption is that SPDX
identifiers are not yet that well known, so it's better to retain the
extended header to avoid any doubt.

I also kept any copyright lines. We can probably remove them, but it'd nice to
obtain explicit acks from all involved authors before doing that.
2018-04-06 18:58:55 +02:00
Yu Watanabe 92db49a0c2 socket-util: drop getnameinfo_pretty() 2018-02-10 11:10:07 +09:00
Lennart Poettering 8b7f989a58 socket-util: explicitly ensure there's one trailing NUL byte on AF_UNIX socket addresses
AF_UNIX socket addresses aren't necessarily NUL terminated, however
they are usually used as strings which are assumed to be NUL terminated.
Let's hence add an extra byte to the end of the sockaddr_un structure,
that contains this NUL byte, simply for safety reasons.

Note that actually this patch changes exactly nothing IRL, as the other
sockaddr structures already are large enough to accomodate for an extra
NUL byte. The size of the union hence doesn't change at all by doing
this. The entire value of this patch is hence in the philosophical
feeling of safety, and by making something explicit that before was
implicit.
2018-01-05 13:55:08 +01:00
Lennart Poettering 43f2c88df0 socket-util: add new getpeergroups() call
It's a wrapper around the new SO_PEERGROUPS sockopt, similar in style as
getpeersec() and getpeercred().
2018-01-04 13:27:27 +01:00
Yu Watanabe 6f90844fe2 socket-util: introduce parse_socket_address_bind_ipv6_only_or_bool() 2018-01-02 02:23:21 +09:00
Yu Watanabe 398ce0bc5a socket-util: add socket_address_type_{from,to}_string() 2017-12-23 18:46:43 +09:00
Zbigniew Jędrzejewski-Szmek 53e1b68390 Add SPDX license identifiers to source files under the LGPL
This follows what the kernel is doing, c.f.
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=5fd54ace4721fc5ce2bb5aef6318fcf17f421460.
2017-11-19 19:08:15 +01:00
bengal b1f24b75af dhcp-network: adjust sockaddr length for addresses longer than 8 bytes (#6527)
An infiniband hardware address is 20 bytes, but sockaddr_ll.sll_addr is only 8
bytes. Explicitly ensure that sockaddr_union has enough space for infiniband
addresses, even if they run over sockaddr_ll and add a macro to compute the
proper size to pass to kernel.
2017-08-08 18:55:31 +02:00
Susant Sahani 2680894816 socket-util: introduce address_label_valid 2017-02-28 16:53:58 +05:30
Zbigniew Jędrzejewski-Szmek 69dc692252 socket-util: drop _pure_ from a function with an output parameter
If it writes to memory, it's not pure, by definition.
Fixup for 882ac6e769.
2017-01-11 16:37:34 -05:00
Stefan Hajnoczi 0fc0f14bfd socket-util: add AF_VSOCK address family
The AF_VSOCK address family facilitates guest<->host communication on
VMware and KVM (virtio-vsock).  Adding support to systemd allows guest
agents to be launched through .socket unit files.  Today guest agents
are stand-alone daemons running inside guests that do not take advantage
of systemd socket activation.
2017-01-10 15:29:04 +00:00
Stefan Hajnoczi 882ac6e769 socket-util: introduce port argument in sockaddr_port()
sockaddr_port() either returns a >= 0 port number or a negative errno.
This works for AF_INET and AF_INET6 because port ranges are only 16-bit.

In AF_VSOCK ports are 32-bit so an int cannot represent all port number
and negative errnos.  Separate the port and the return code.
2017-01-10 15:29:04 +00:00
Lennart Poettering 429b435026 sd-device/networkd: unify code to get a socket for issuing netdev ioctls on
As suggested here:

https://github.com/systemd/systemd/pull/4296#issuecomment-251911349

Let's try AF_INET first as socket, but let's fall back to AF_NETLINK, so that
we can use a protocol-independent socket here if possible. This has the benefit
that our code will still work even if AF_INET/AF_INET6 is made unavailable (for
exmple via seccomp), at least on current kernels.
2016-10-06 19:04:01 +02:00
Lennart Poettering 29206d4619 core: add a concept of "dynamic" user ids, that are allocated as long as a service is running
This adds a new boolean setting DynamicUser= to service files. If set, a new
user will be allocated dynamically when the unit is started, and released when
it is stopped. The user ID is allocated from the range 61184..65519. The user
will not be added to /etc/passwd (but an NSS module to be added later should
make it show up in getent passwd).

For now, care should be taken that the service writes no files to disk, since
this might result in files owned by UIDs that might get assigned dynamically to
a different service later on. Later patches will tighten sandboxing in order to
ensure that this cannot happen, except for a few selected directories.

A simple way to test this is:

        systemd-run -p DynamicUser=1 /bin/sleep 99999
2016-07-22 15:53:45 +02:00
Lennart Poettering ef76dff225 util-lib: add new ifname_valid() call that validates interface names
Make use of this in nspawn at a couple of places. A later commit should port
more code over to this, including networkd.
2016-05-09 15:45:31 +02:00
Martin Pitt d75103d4c6 Merge pull request #3202 from poettering/socket-fixes
don't reopen socket fds when reloading the daemon
2016-05-08 21:09:35 +02:00
Lennart Poettering 60d9771c59 core: rework how we flush incoming traffic when a socket unit goes down
Previously, we'd simply close and reopen the socket file descriptors. This is
problematic however, as we won't transition through the SOCKET_CHOWN state
then, and thus the file ownership won't be correct for the sockets.

Rework the flushing logic, and actually read any queued data from the sockets
for flushing, and accept any queued messages and disconnect them.
2016-05-06 13:29:26 +02:00
Lennart Poettering fc2fffe770 tree-wide: introduce new SOCKADDR_UN_LEN() macro, and use it everywhere
The macro determines the right length of a AF_UNIX "struct sockaddr_un" to pass to
connect() or bind(). It automatically figures out if the socket refers to an
abstract namespace socket, or a socket in the file system, and properly handles
the full length of the path field.

This macro is not only safer, but also simpler to use, than the usual
offsetof() + strlen() logic.
2016-05-05 22:24:36 +02:00
Lennart Poettering 4edc2c9b6b networkd: FIONREAD is not reliable on some sockets
Fixes: #2457
2016-02-16 13:06:55 +01:00
Daniel Mack b26fa1a2fb tree-wide: remove Emacs lines from all files
This should be handled fine now by .dir-locals.el, so need to carry that
stuff in every file.
2016-02-10 13:41:57 +01:00
Daniel Mack 371859d6b5 Merge pull request #2080 from chaloulo/split-mode-host-remove-port-from-journal-filename
journal-remote: split-mode=host, remove port from journal filename
2016-01-22 09:47:59 +01:00
Susant Sahani 7b7afdfc07 systemd-activate: Add support for datagram sockets
core: Add flexible way to provide socket type
the socket type should be a diffrent argumet
in make_socket_fd . In this way we can set the socket
type like SOCK_STREAM SOCK_DGRAM in the address.

journal-remote: modify make_socket_fd
2016-01-22 09:41:44 +05:30
Zbigniew Jędrzejewski-Szmek 726f4c4738 journal: unbreak sd_journal_sendv
Borked since
commit 3ee897d6c2
Author: Lennart Poettering <lennart@poettering.net>
Date:   Wed Sep 23 01:00:04 2015 +0200

    tree-wide: port more code to use send_one_fd() and receive_one_fd()

because here our fd is not connected and we need to specify
the address.
2015-12-03 09:14:01 -05:00
Klearchos Chaloulos 366b7db4b6 journal-remote: split-mode=host, remove port from journal filename
When constructing the journal filename to store logs from a remote host, remove the port of the tcp connection, as the port will change with every reboot/connection loss between sender/reveiver machines. Having the port in the filename will cause a new journal file to be created for every reboot or connection loss.
For the implementation, a new argument "bool include_port" is added to the getpeername_pretty() function. This is passed to the sockaddr_pretty() function. The value of the include_port argument is set to true in all calls of getpeername_pretty(), except for 2 calls in journal-remote.c, where it is set to false.
2015-12-01 19:29:59 +02:00
Thomas Hindoe Paaboel Andersen 11c3a36649 basic: include only what we use
This is a cleaned up result of running iwyu but without forward
declarations on src/basic.
2015-11-30 21:51:03 +01:00
Thomas Hindoe Paaboel Andersen 71d35b6b55 tree-wide: sort includes in *.h
This is a continuation of the previous include sort patch, which
only sorted for .c files.
2015-11-18 23:09:02 +01:00
Lennart Poettering 8f328d36c9 socket-util: move CMSG_FOREACH() from macro.h to socket-util.h 2015-10-27 13:25:57 +01:00
Lennart Poettering 2583fbea8e socket-util: move remaining socket-related calls from util.[ch] to socket-util.[ch] 2015-10-26 01:24:39 +01:00
Lennart Poettering 81a56d6f42 util-lib: move ether_addr_to_string() into ether-addr-util.c 2015-10-26 01:24:39 +01:00
Christos Trochalakis 54255c64e6 socket: Set SO_REUSEPORT before bind()
bind() fails if it is called before setting SO_REUSEPORT and another
process is already binded to the same addess.

A new reuse_port option has been introduced to socket_address_listen()
to set the option as part of socket initialization.
2015-07-01 16:43:03 +03:00
Kay Sievers a095315b3c build-sys: split internal basic/ library from shared/
basic/      can be used by everything
            cannot use anything outside of basic/

libsystemd/ can use basic/
            cannot use shared/

shared/     can use libsystemd/
2015-06-11 10:52:46 +02:00
Renamed from src/shared/socket-util.h (Browse further)